Digital finance has no doubt transformed the traditional way of providing banking and financial services, enabling greater access to financial services, offering wider choice and increasing efficiency of operations. In the European Union (EU) the use of innovative technologies in the financial sector is facilitating changes to value chains, that dependencies on digital platforms are increasing rapidly, and that new mixed-activity groups are emerging.
While these trends open up a range of opportunities for both EU consumers and financial institutions, they also pose new risks and regulatory challenges. In particular, the growing digitalisation of financial service activities has contributed to the fragmentation of the value chain for financial services due to the growing reliance of financial institutions on services provided by technology companies or with the emergence of FinTechs that have niche positions in the market.
The stablecoin Terra and Luna crisis earlier this year showed once again the risks incurred by holders in the absence of regulation, as well as the impacts it has on other crypto-assets. Such adverse developments in the crypto-assets market have confirmed the urgent need for an EU-wide regulation. In addition, heavy reliance on tech companies by financial institutions may create risks to financial stability, where the same small number of companies are being used by many firms across the financial sector. Likewise, the entry of BigTechs into financial services may create concentration risks and raise level playing field issues relative to incumbent actors.
In particular, the existing regulatory and supervisory frameworks were not designed with these technological and competitive market developments in mind. It is clear that, to prepare the EU financial sector to better embrace the opportunities brought by new technologies, supervisory and regulatory convergence across the EU is required. Such convergence should also enable innovative digital finance solutions to be rapidly rolled out across the EU, while preserving financial stability and ensuring consumer protection.
In fact, regulatory authorities in the EU have already been working on such issues for several years. Following public consultations, an action plan on FinTech and the digital finance outreach, the European Commission (EC) adopted a Digital Finance Package (DFP) in September 2020. Consisting of a Digital Finance Strategy (DFS), and legislative proposals on crypto-assets and digital resilience, DFP aims to create a competitive EU financial sector that gives consumers access to innovative financial products, while ensuring consumer protection and financial stability.
DFS aims to set out the Commission’s intention to review the existing financial services legislative frameworks in order to protect consumers and safeguard financial stability, protect the integrity of the EU financial sectors and ensure a level playing field. It addresses risks associated with the fragmentation in the Digital Single Market for financial services, addresses new challenges and risks associated with the digital transformation and to ensure that the EU regulatory framework facilitates digital innovation in the interest of consumers and market efficiency. It should also be emphasized that DFS has also created an EU-wide financial data space to promote data-driven innovation and sets out new mandates for the European Banking Authority in relation to digital identities and artificial intelligence, as well as RegTech and SupTech.
While the Digital Markets Act (DMA) adopted in 2020 has already set out a new supervisory framework at EU level to address conduct and competition harm risks associated with large systemic online platforms (“gatekeepers”), legislative proposals under DFP include packages for markets in crypto-assets (MiCA) and digital operational resilience (DORA), which cover a much broader range of supervisory topics.
In a nutshell, MiCA and DORA packages set out the mandates for the ESAs to support the development of EU regulatory frameworks in the areas of crypto-assets and ICT and security risk management respectively. The proposals are expected to facilitate the scaling up of technology-enabled financial services cross-border whilst ensuring effective risk mitigation for consumers and financial stability in line with “the principle of technological neutrality”, which suggests that policymakers should not favor any “winners” in the competition between alternative technologies but should allow market mechanisms to determine which technologies achieve broad adoption.
MiCA is particularly important as it proposes the establishment of an EU framework for the regulation of specified activities involving crypto-assets that are not already covered by EU law. These include issuance of crypto-assets, custody and administration of crypto-assets, operation of crypto-asset trading platforms and exchanges (to fiat or other crypto). While some EU member states already have national legislation for crypto-assets, but so far there had been no specific regulatory framework at EU level, MiCA represents a step change as it sets out a standardized regulatory framework, as well as some new policy mandates and supervision functions for the EBA for issuers of “significant asset-backed crypto-assets”.
DORA, on the other hand, proposes a new framework for digital operational resilience for EU financial entities and to consolidate and upgrade the information and communication technology (ICT) risk requirements that are currently patchy and spread over the financial services legislation. In summary, the package sets out new policy mandates for the EBA with respect to risk management, incident reporting, digital operational resilience testing, measures for a sound management by financial entities of the ICT third-party risk as well as a new ESA oversight role over critical ICT third party providers.
In February 2021, the European Commission issued a Request to EBA, EIOPA and ESMA for technical advice on digital finance and related issues, calling on the three European Supervisory Authorities (ESAs) to provide advice on the regulation and supervision of more fragmented or non- integrated value chains, platforms and bundling of various financial services, and groups combining different activities. In response, the ESAs published a joint report in February 2022, recommending a series of actions to the EC to strengthen EU financial services regulation and enhance supervisory capabilities in line with these developments.
The proposals also prioritize a high level of consumer protection and addressing risks arising from the transformation of value chains, platformisation and the emergence of new ‘mixed-activity groups’ ie groups combining financial and non-financial activities. In particular, the ESAs highlight the growing interactions between incumbent financial institutions, FinTechs and BigTechs through partnerships, joint ventures, outsourcing and sub-outsourcing, mergers and acquisitions, and recommend rapid action to ensure that the EU’s financial services regulatory and supervisory framework remains fit -for-purpose in the digital age.
Supervisory proposals comprise a holistic approach to the regulation and supervision of the financial services value chain, effective regulation and supervision of ‘mixed-activity groups’, including a review of prudential consolidation requirements and cooperation between financial and other relevant authorities, including on a cross -border and multi-disciplinary basis. Particularly, from a financial conduct perspective, it is noteworthy that key recommendations span some very critical areas such as disclosure practices, complaints handling and redress mechanisms, financial literacy, and the use of social media as a way of marketing financial products and services.
While the EC’s broader digital finance package aims to develop an EU approach that fosters technological development, ensures financial stability and enhances consumer protection, the MiCA proposal is particularly expected to fill an important gap in existing EU legislation with respect to the use of new digital financial instruments and to provide for an appropriate level of consumer and investor protection. Trilogues between the co-legislators ended in the provisional agreement reached on 30 June 2022 but this is subject to approval by the Council and the European Parliament before going through the formal adoption procedure.
With the adoption of the agreement on the MiCA, the EU will bring crypto-assets, crypto-assets issuers and crypto-asset service providers under a regulatory framework for the first time. This is significant because the provisional agreement proposal covers issuers of unbacked crypto-assets, and so-called “stablecoins”, as well as the trading venues and the wallets where crypto-assets are held. However, it should be noted that non-fungible tokens (NFTs) are excluded from the scope of MiCA unless they already fall under existing crypto-asset categories. For NFTs, the EC is expected to prepare a comprehensive assessment and, if deemed necessary, a specific, proportionate and horizontal legislative proposal to create a regime.
MiCA proposes to protect consumers by requesting stablecoin issuers to build up a sufficiently liquid reserve, with a 1/1 ratio and partly in the form of deposits. Every stablecoin holder will be offered a claim at any time and free of charge by the issuer, and the rules governing the operation of the reserve will also provide for an adequate minimum liquidity. Furthermore, all stablecoins will be supervised by the EBA, with a presence of the issuer in the EU being a precondition for any issuance.
At the moment, crypto-asset investors have very limited rights to protection or redress, especially if the transactions take place outside the EU. With the new rules, crypto-asset service providers (CASPs) will have to respect strong requirements to protect consumers’ wallets and become liable in case they lose investors’ crypto-assets. MiCA will also cover any type of market abuse related to any type of transaction or service, notably for market manipulation and insider dealing.
In addition, MiCA introduces authorization requirements and additional AML rules. For instance, CASPs will need an authorization in order to operate within the EU. National authorities will be required to issue authorizations within a timeframe of three months. Regarding the largest CASPs, national authorities will be required to submit relevant information regularly to the ESMA. On the other hand, CASPs, whose parent company is located in countries listed on the EU list of third countries considered at high risk for anti-money laundering activities, as well as on the EU list of non-cooperative jurisdictions for tax purposes, will be required to implement enhanced checks in line with the EU AML framework.
In conclusion, setting EU-wide rules for CASPs and different crypto assets, this landmark regulation will provide protection to investors and preserve financial stability, while allowing innovation, preventing the misuse of crypto-assets and fostering the attractiveness of the crypto-asset sector. It is therefore expected to put an end to the crypto wild west and confirms the EU’s role as a standard-setter for digital topics.